The U.S. Patent and Trademark Office on Thursday published an Apple patent application describing a system that thwarts spam mail by automatically generating and handling "disposable" email addresses, all while being transparent to the end user.

According to Apple's patent filing, suitably titled "Disposable email address generation and mapping to a regular email account," the integrated system would work at the server level to act as a screen for incoming spam mail.

Further, these generated email accounts can be intelligently tagged with contextual clues to help users track down the source responsible for handing off the address to a spam provider.

As noted in the document, email has become a ubiquitous form of communication. Just as physical mail has "junk mail" (advertisements, pamphlets, etc.), so too does email in the form of spam. Unlike snail mail, however, the level of spam can quickly become unmanageable. Not only are user addresses easily obtainable and transferable, but the costs associated with sending digital junk are comparatively miniscule.

To help combat the rising tide of spam, some users have turned to disposable email addresses that can be easily destroyed or deactivated once abused by a spammer. These accounts usually forward mail to a permanent email address without exposing said address to unwanted parties. This saves users from the hassles associated with changing a permanent email address, such as remembering and notifying important contacts.

As it stands, the disposable email system is cumbersome, says Apple, and may require obtaining accounts from sources other than their primary provider. The generated account names are usually easily recognizable and are sometimes not accepted by certain automated online services that block bots.

Apple proposes an automated system that in some embodiments automatically creates and handles a temporary email address, associating it with a permanent non-disposable address. If and when a disposable account is misused, the user can dump it and move on to a new one without ditching their permanent address.

Source: USPTO

In some cases, the system can assign context information when creating the disposable account. For example, if a user is giving their address to a vendor, context information associated with that vendor's name can be added as part of the address. If the user receives spam through that specific account, they will be able to examine the associated context information and use it to take action against the vendor for providing the address to an unauthorized party.

An important part of the application relies on the backend system's handling of incoming messages. With normal disposable address methods, emails are forwarded directly to users' permanent accounts. This may lead to accidental replies from a non-disposable address. Apple's system would automatically detect which account a reply is coming from and handle the transfer accordingly without exposing the user.

The temporary accounts would preferably be indistinguishable from a permanent address. For example, if email addresses associated with the server usually use the format "FirstName.LastName@domain.com," the system would create a similar disposable account for a user. Obviously, real names would not be used in such a scenario.

The remainder of the application details various implementations of the invention, such as browser plug-ins, email clients and server-level instruction sets. Also discussed are possible graphical user interfaces for both a dedicated app and Web clients.

This is so obvious that I'd expected it earlier. Still, great if they implement such a system. I used to create a gmail (sic) account if I ordered something online, and delete the account from Mail once delivered. As good as gmail is at getting rid of spam, I moved on, because, well, gmail is still Google after all.

Is the RFC process dead? Shouldn't the industry, through the RFC process deal with this problem?

The "industry" includes companies who want to spam you and other companies who want to track you. The RFC process has proven to be ineffective in cases where there are competing interests (ref: Adobe/HTML5 and Google/Do Not Track).

Is the RFC process dead? Shouldn't the industry, through the RFC process deal with this problem?

The "industry" includes companies who want to spam you and other companies who want to track you. The RFC process has proven to be ineffective in cases where there are competing interests (ref: Adobe/HTML5 and Google/Do Not Track).

This is why I have my hotmail account and had it since the 90's, anytime I do business over the internet with a company I am not sure about they get the hotmail account email and I let M$ deal with all the spam. Since I have been doing this my person IPS email address has never been spammed. M$ does a pretty good job of filtering out the spam, but the account does get hit from time to time with Spam.

Disposable emails sounds like too much of a hassle. I use a spam filtering service which works wonderfully and I don't have to do anything. It just works. I don't usually get any spam on iCloud either so Apple apparently has pretty good filtering already.

I already do this manually using an email service with sub-domain support. It's very effective. I provide a unique email address to every service I register and as soon as one gets compromised I simply block it. Depending on the service I may even block the address proactively and only unblock it if or when I need to.

It's great that Apple are looking to take this approach on board at the server level and make it automatic and transparent to users. A very intelligent idea and I hope they can implement it soon (if they haven't already).

The other benefit to this approach is limiting the linking and unification of profiles from a government spying perspective...

I want the exact opposite. If anyone you don't know or approve wants to email you, they cannot. Surely this would not be hard to implement.

You can achieve something like this using email rules. Most email applications have pretty good rule management including Mail in OS X. For instance you can set up a rule to only receive emails from people in your contact list and people you've emailed previously. The problem is this isn't occurring at the server level. You'd still be getting emails from others but would just be automatically deleting them or forwarding them to the trash.

Some other services like the one I mentioned above give you more powerful rule management to block emails at the server level so they're never actually delivered but either bounce or are deleted before being delivered.

I am not a patent troll. We did NOT apply for a patent for our Locked Addresses feature since we do not believe in software patents. I merely sent the prior art to the USPTO to PREVENT Apple from being granted a patent.

You can Google "CanIt Antispam" to see who we are and what we're all about.

I am not a patent troll. We did NOT apply for a patent for our Locked Addresses feature since we do not believe in software patents. I merely sent the prior art to the USPTO to PREVENT Apple from being granted a patent.

And you’re confident that you have this as a patent and there’s no difference whatsoever in Apple’s proposed implementation?

This is why I have my hotmail account and had it since the 90's, anytime I do business over the internet with a company I am not sure about they get the hotmail account email and I let M$ deal with all the spam. Since I have been doing this my person IPS email address has never been spammed. M$ does a pretty good job of filtering out the spam, but the account does get hit from time to time with Spam.

Same here. My main email has been Verizon/Yahoo and I need to use Gmail ones for work, but I also have a don't-use-for-anything-else Hotmail account that I started in the late '90s for anything that doesn't have to be my real email. Lots of verifying via email sent to me. I also use it as my cc to myself so that doesn't fill up my Apple Mail. And that semi embarrassing Hotmail account has turned out to be the least screwy experience of all of them. Gmail gets less junk than the others but is by far the worst to use, as far as I'm concerned. Verizon/Yahoo has far too many technical problems (even aside from the disastrous remaking of their webmail site).

Weird but true. Hotmail not be the most amazing experience but by not getting worse like nearly every other large service they don't come off badly at all.

If you read the article, it clearly states that this system would be transparent to the user.
They are probably looking to implement this with the iCloud email system.

Quote:

Originally Posted by mstone

Disposable emails sounds like too much of a hassle. I use a spam filtering service which works wonderfully and I don't have to do anything. It just works. I don't usually get any spam on iCloud either so Apple apparently has pretty good filtering already.

In some cases, the system can assign context information when creating the disposable account. For example, if a user is giving their address to a vendor, context information associated with that vendor's name can be added as part of the address. If the user receives spam through that specific account, they will be able to examine the associated context information and use it to take action against the vendor for providing the address to an unauthorized party.

This is what I would do with my own mail server. Put the site name on the address I registered to so I could have prove the site is abusing my email address.

"Further, these generated email accounts would be intelligently tagged with contextual clues that help users track down the source responsible for handing off the address to a spam provider."

YES! 1000 times YES!

Once they do that I'll be able to get my cyber hands around their cyber throats.

As I think about it, maybe it's not so surprising that Apple came up with this. After all, it's kind of what they've been doing (as it's been rumored) to ensure secrecy of their new products - they give different employees different parts of it, with different "contextual clues", so if it leaks, they can track down where the leak came from. It's pretty clever to expand this to a system of tracking down spammers.

Our Locked Addresses feature is not patented because I am philosophically opposed to software patents.

Secondly, under patent law, prior art does not need to be patented. You merely need to show that an invention has been invented and published before the filing date. We invented and published the Locked Addresses feature in 2005. If you wish, I can post release notes, our source-code control history or the mailing list archive announcing the feature. Or you can find various online sources who covered our release... for example, http://net-security.org/article.php?id=854